IBM Security Bulletin: MQ Explorer directory created with owner ‘555’ on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089)

IBM MQ including MQ Explorer installed on Linux x86-64 environment. After the completion of installation, all directories under opt/mqm/mqexplorer/eclipse are created with owner “555” (non-existant user) and group mqm. This vulnerability allows a local user to alter the contents of the opt/mqm/mqexplorer/eclipse directory and make the product unusuable.

CVE(s): CVE-2016-6089

Affected product(s) and affected version(s):

IBM MQ v9.0.0.0

IBM MQ v9.0.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2smebBZ
X-Force Database: http://ift.tt/2ro8NRG

The post IBM Security Bulletin: MQ Explorer directory created with owner ‘555’ on Linux x86-64 vulnerability affects IBM MQ (CVE-2016-6089) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2smzaF3